Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • David Turner
  • Ken Klingenstein
  • Peter Davis, CPO Airside Mobile
  • Chris Olsen
  • Nancy Lush
  • Colin Wallis
  • Sal D'Agostino

Regrets

Quorum Status

...

Time

Item

Who

Notes

5 min
  • Call to order
  • Roll call
  • Agenda bashing
  • Organization updates
Chair


  • Please review these blogs offline for current status on Kantara and all the DG/WG:

  • Colin: ISO SC 27/WG 5 item
    • ISO 29184 Privacy Notices and Consent - is at the last committee draft stage
    • The general plan was for Kantara to contribute the Kantara Consent Receipt spec into this work
    • Colin has asked the WG 5 mailing list about this idea - low response but generally positive
    • The deadline for submissions is around February 24, 2019 - need to assign editor time to it
5 minWG Motions
Quorum required 
Chair

Moved by:

Seconded:

Discussion:

Result:


5 min

Introductions

All

Welcome!


30 minDiscussion on document draftingCorné

The draft is in a Google doc - feel free to comment - Chairs and Editor will control acceptance of material.

Reminders from prior meetings:

  • Set a deadline for our work - EIC Munich in May
  • Corné will start with 2 streams: BP-1 (Consent Definition) and BP-2 (Privacy Notice)
    • Looking for writing partners to build content
  • Corné gave an overview of the process steps iWelcome goes through during customer workshops. 
    • The workshops deal with Information Management, data flows, and eventually what user consents are required by the customer systems.
    • They talk about the customer journey (UI and consumer facing) and the iWelcome digital platform (API and platform facing)
    • Definethe data model, the data processing purposes and consumer control capabilities
    • They discover the mandatory minimum data to deliver the service; data processed under other legal bases (collection is permitted but not mandatory); voluntary data where consent is needed
    • Q: Noted that "workforce" is listed in the first slide - do the workshops cover employee data? Normally the workshops are directed at the 'consumer' interaction. 
    • ACTION: The Employee use case should be covered in the consent use cases.
    • They work through the customer journey to define the data model - registration and initial data collection, data collection at later stages
    • The process highlights where additional data is wanted by the company but is not in the data model - requires further analysis by the team
    • The workshop then defined processing purposes for each of Mandatory, Other legal basis, and Voluntary data collection/processing
    • Note that these analysis processes are independent of the specific architecture implemented
    • Corné showed how the metadata could be used to give transparency and user controls in the mobile UI
    • Q: Should there be a "consent notice" in addition to the "privacy notice"?
    • Patterns that we should analyse
      • One time data collection, single use
      • One time data collection, multiple use
      • Periodic data collection
      • 'Continuous' data collection from a data connection
FYIDiscussion on the Interview QuestionsAll

The first draft of the interview questions is in a Google doc - please comment.

5 minUpcoming conferences and eventsAndrew

Events that Kantara will have an active role: https://kantarainitiative.org/events/

  • Corné presented a draft WG timeline leading up to EIC in May
5 minAOBChair
  • At the Kantara member member meeting - Paul Knowles presented the Blinding Identity Taxonomy and Schema Overlays - put on the agenda for a future meeting

AdjournChair

Next WG meeting Wednesday, November 21, 2018 10:00 Eastern Standard Time / 14:00 GMT

...